nixos-config/home-manager/modules/ssh/default.nix
Erwin Boskma 5a63157643
Use solo key for ssh, disable gpg-agent ssh integration
This makes use of ED25519-SK keys that provide 2FA for SSH. Also,
switch to using the SSH key to sign git commits
2022-10-30 21:09:15 +01:00


{ pkgs
, config
, lib
, ...
}:
let
  inherit (lib) mkEnableOption mkIf;

  # Module options for this ssh client configuration.
  cfg = config.eboskma.programs.ssh;

  # Reuse one TCP connection for several sessions to the same host; the
  # master connection stays open for 5 minutes after the last session closes.
  multiplexed = {
    ControlMaster = "auto";
    ControlPersist = "5m";
  };

  # Agent forwarding gives the remote host the use of the local ssh-agent for
  # as long as the session is open, so it is granted only to the hosts listed
  # with it below. Where a host is merely a hop, `proxyJump` (as used for
  # `horus`) is the safer alternative.
  withAgent = attrs: attrs // { forwardAgent = true; };
in
{
  options.eboskma.programs.ssh.enable = mkEnableOption "activate ssh";

  config = mkIf cfg.enable {
    programs.ssh = {
      enable = true;
      # Hash host names in known_hosts so the file does not enumerate the
      # machines this user connects to.
      hashKnownHosts = true;

      matchBlocks = {
        # Defaults applied to every host.
        "*" = {
          # Security-key backed identity (sk key), per the commit that
          # introduced this file.
          identityFile = "~/.ssh/id_ed25519_sk";
          # Offer only the configured identity instead of every key the agent
          # holds; avoids leaking key fingerprints to servers and too-many-auth
          # failures.
          identitiesOnly = true;
          extraOptions = {
            # Explicit, modern-only algorithm lists; the client will not
            # negotiate anything outside these sets.
            Ciphers = "chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr";
            KexAlgorithms = "curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha256";
            MACs = "hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-128-etm@openssh.com";
            # ed25519 and rsa-sha2 host keys, plus their sk- and certificate
            # variants; ssh-rsa (SHA-1) is intentionally absent.
            HostKeyAlgorithms = "ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com";
            SetEnv = "TERM=xterm-256color";
          };
        };

        # LAN gateway; also serves as the jump host for `horus`.
        home = {
          host = "home";
          hostname = "10.0.0.2";
          extraOptions = multiplexed;
        };

        # Reached through `home` rather than by forwarding the agent to it.
        horus = {
          host = "horus";
          hostname = "10.1.0.2";
          proxyJump = "home";
          extraOptions = multiplexed;
        };

        # Hosts that need the local agent (e.g. git over ssh on the remote).
        proxy = withAgent { hostname = "10.0.0.251"; };
        gitea = withAgent { hostname = "10.0.0.201"; };
        drone = withAgent { hostname = "10.0.0.202"; };

        # Same address as `gitea`, but without agent forwarding.
        "git.datarift.nl".hostname = "10.0.0.201";

        fluiddpi = {
          hostname = "10.0.0.120";
          user = "pi";
        };

        horus-vpn.hostname = "192.168.4.202";

        # Name-only entries: address comes from DNS, agent is forwarded.
        "repohost.bedum.horus.nu" = withAgent { };
        "gitea.bedum.horus.nu" = withAgent { };
      };
    };
  };
}